[Bug 1114673] New: New UI for firewalld: interface not assigned to the right zone when changed to public in first run
http://bugzilla.suse.com/show_bug.cgi?id=1114673 Bug ID: 1114673 Summary: New UI for firewalld: interface not assigned to the right zone when changed to public in first run Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers@suse.de Reporter: jeriveramoya@suse.com QA Contact: jsrain@suse.com Found By: --- Blocker: --- Interface is not assigned to the right zone after following steps: - Open new UI for firewalld: yast2 firewall - Assign interface to different zone (for example public) - In Zones, set different zone (for example trusted) as default. - Accept - Check with firewall-cmd interface assignation: firewall-cmd --list-interfaces --zone=public | grep ens4 (is not there) but firewall-cmd --list-interfaces --zone=trusted | grep ens4 (it succeeds and it is pointing to the default zone not the one that was assigned) (same result also after trying a firewall-cmd --reload) Assignation works in general, but in this combination and just when the user enters first to this screen and set previous steps, does not work (perhaps some wrong initialization). Expected result: Point to the interface that is assigned in the UI (in the example, to public) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1114673
Joaquín Rivera
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c1
Stefan Schubert
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c2
--- Comment #2 from Joaquín Rivera
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c3
Joaquín Rivera
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c4
Arvin Schnell
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c5
Stefan Schubert
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c6
--- Comment #6 from Lukas Ocilka
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c7
--- Comment #7 from Stefan Schubert
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c8
--- Comment #8 from Stefan Schubert
Schubi, I guess sle12-sp1 was expected to be sle15-sp1, right? sle-12 still uses SuSEfirewall2, sle 15 uses firewalld.
Yes, you are right. You know, sometimes I am "old fashioned" :-) -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c9
--- Comment #9 from Stefan Schubert
and it is pointing to the default zone not the one that was assigned) (same result also after trying a firewall-cmd --reload) From the man page: Note: Runtime changes applied via the direct interface are not affected and will therefore stay in place until firewalld daemon is restarted completely.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c10
Stefan Schubert
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c11
Knut Alejandro Anderssen González
The setting will be written correctly in permanent mode. E.g.: firewall-cmd --permanent --list-interfaces --zone=public returns the correct value. But the have not been done in the running mode. Either we also call the write command without the --permanent mode or we have to restart the firewalld service (reload does not help here).
Well, the reload should work although there was a bug in firewalld which was not reflecting the changes: https://bugzilla.opensuse.org/show_bug.cgi?id=1112008
While writing the settings I can only see: "systemctl show firewalld.service" but no restart.
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c12
--- Comment #12 from Joaquín Rivera
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c13
--- Comment #13 from Knut Alejandro Anderssen González
For SLE15SP1 is fixed: https://openqa.suse.de/tests/2397917#step/yast2_firewall/90 But for Leap we can still see the problem: https://openqa.opensuse.org/tests/836155#step/yast2_firewall/86
That test still uses yast2-firewall-4.1.8 So basically once the build ships with this request https://build.opensuse.org/request/show/667764 it will also pass the test. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c15
Joaquín Rivera
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c16
Stefan Schubert
I checked leap and sle15sp1 and it is fixed. Thanks! I'm going to reopen the bug only for TW: https://openqa.opensuse.org/tests/ latest?arch=x86_64&flavor=DVD&distri=opensuse&version=Tumbleweed&test=yast2_g ui&machine=64bit#step/yast2_firewall/85 (ens4 should be in public zone)
Makes it really sense to reopen the bug ? The fix should go automatically to opensuse. I think a bug should be closed if it has been fixed. Otherwise the YAST team looses the overview about bugs which still has to be fixed. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c17
Joaquín Rivera
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c18
--- Comment #18 from Joaquín Rivera
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c19
Martin Loviska
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c20
Rodion Iafarov
http://bugzilla.suse.com/show_bug.cgi?id=1114673
Lukas Ocilka
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c21
--- Comment #21 from Knut Alejandro Anderssen González
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c22
Knut Alejandro Anderssen González
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c23
--- Comment #23 from Knut Alejandro Anderssen González
http://bugzilla.suse.com/show_bug.cgi?id=1114673
Knut Alejandro Anderssen González
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c30
Oliver Kurz
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c31
--- Comment #31 from Joaquín Rivera
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c32
--- Comment #32 from Oliver Kurz
[…] Not sure what it is blocked by this bug because there are no other tests depending on this scenario and the gui tests continue even if one fails.
Of course the *scenario* is not blocked but the single test module. A side-effect is that the carry-over is more tedious and less robust than the error condition detection within the test code or a workaround needle. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1114673
http://bugzilla.suse.com/show_bug.cgi?id=1114673#c33
Joaquín Rivera
https://bugzilla.suse.com/show_bug.cgi?id=1114673
Pavel Dost�l
https://bugzilla.suse.com/show_bug.cgi?id=1114673
https://bugzilla.suse.com/show_bug.cgi?id=1114673#c46
Knut Alejandro Anderssen Gonz�lez
https://bugzilla.suse.com/show_bug.cgi?id=1114673
https://bugzilla.suse.com/show_bug.cgi?id=1114673#c47
Joaqu�n Rivera
https://bugzilla.suse.com/show_bug.cgi?id=1114673
https://bugzilla.suse.com/show_bug.cgi?id=1114673#c48
Stefan Hundhammer
participants (2)
-
bugzilla_noreply@novell.com
-
bugzilla_noreply@suse.com